Security problems with PCs make them unsuitable for many functions since data entered by users can be manipulated or copied by an attacker. For example, transactions can be changed to send money to unwanted recipients or to order unwanted goods, or user credentials can be copied providing attackers with access to systems such as those used for Internet banking.
To solve some of these problems, a user secure device (also a “trusted device”) can be used together with a PC. One such solution, the IBM Zone Trusted Information Channel (see Thomas Weigold, Thorsten Kramp, Reto Hermann, Frank Höring, Peter Buhler, Michael Baentsch, “The Zurich Trusted Information Channel—An Efficient Defence against Man-in-the-Middle and Malicious Software Attacks”, In P. Lipp, A.-R. Sadeghi, and K.-M. Koch (Eds.): TRUST 2008, LNCS 4968, pp. 75-91, 2008), allows the user to verify information associated with a transaction (e.g., in the case of Internet banking the amount and recipient) before the transaction is executed by the service provider (e.g., the bank). The transaction is verified on the device, which is secure and can send the verified information to the back-end system in a secure manner.
Besides, given the availability of low-cost, high-capacity USB flash drives, secure document management has become an area of concern for any IT organization. There are notably two problems:
1. External data loss: large amounts of sensitive data can easily be stored and transported on devices such as USB flash drives. The loss of such a device can create a legal or financial exposure for a company.
2. Employee data theft: sensitive data can easily be stolen by employees who have access thereto via a PC.
Solutions are now emerging on the market for the first problem. For instance, data on USB drives can be encrypted and password protected. Similar to other IT systems, if a wrong password is entered more than a specified number of times, then the devices lock, thereby making the data inaccessible.
The second problem can be addressed by blocking, within a company, USB ports for mass-storage devices. Unfortunately, such solutions also prevent many legitimate and useful applications of portable storage devices.
Another approach is to use monitoring software on the user's PC in order to detect and prevent data copying that violates given policies. However such software solutions are only as secure as the system and application software used to implement it, i.e., in the presence of a determined attacker, they cannot solve the problem.
A related challenge is the secure distribution of sensitive documents. A document can be encrypted prior to distribution, which protects the documents while it is in transit and once it is stored on a user's PC, assuming it is stored in an encrypted form. However, as soon as the document is decrypted, for example for viewing, it is exposed, whence a risk. Inside of a company, the risk is limited by the overall security of the company's IT infrastructure that is used to process (e.g., view or print) the documents. Yet, when such a document is decrypted outside of a company, e.g., on a PC with Internet connectivity, or when the security of a company PC is compromised, such document is once more exposed.
There is a need for improving current methods for secure distribution of sensitive documents and more generally, for securely managing user access to files.